Symptoms
- Website exampe.com is slow or not available:
502 Bad Gateway
OR
504 Gateway Time-out error
-
MaxClients parameter tuning does not help.
-
Errors are logged to
/var/www/vhosts/system/example.com/logs/proxy_error_logvery fastly:[error] 31843#0: *30563813 connect() to unix:///var/www/vhosts/system/example.com/php-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.2, server: example.com, request: "HEAD // HTTP/1.1", upstream: "fastcgi://unix:///var/www/vhosts/system/example.com/php-fpm.sock:", host: "www.example.com"
-
Website nginx error log analysis shows huge amount of HTTP requests from particular addresses:
# tail -n 10000 /var/www/vhosts/system/example.com/logs/proxy_error_log |cut -f 19 -d ' '|sort|uniq -c|sort -nr|more
3566 203.0.113.2,
3158 203.0.113.3,
2162 203.0.113.4,
Cause
The website is under DDoS attack.
Resolution
As a workaround, login to Plesk server via SSH and block the IP addresses sending huge amount of requests:
# iptables -I INPUT 1 -p tcp -s 203.0.113.2 -j DROP
# iptables -I INPUT 1 -p tcp -s 203.0.113.3 -j DROP
# iptables -I INPUT 1 -p tcp -s 203.0.113.4 -j DROP
As a permanent solution, consider installing Plesk extensions mentioned in the article below:
with